CN103999412B - Software deployment topological structure - Google Patents

Software deployment topological structure Download PDF

Info

Publication number
CN103999412B
CN103999412B CN201380004322.7A CN201380004322A CN103999412B CN 103999412 B CN103999412 B CN 103999412B CN 201380004322 A CN201380004322 A CN 201380004322A CN 103999412 B CN103999412 B CN 103999412B
Authority
CN
China
Prior art keywords
dmz
data center
fat client
client
communicated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201380004322.7A
Other languages
Chinese (zh)
Other versions
CN103999412A (en
Inventor
J·阿历米纳蒂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Oracle International Corp
Original Assignee
Oracle International Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oracle International Corp filed Critical Oracle International Corp
Publication of CN103999412A publication Critical patent/CN103999412A/en
Application granted granted Critical
Publication of CN103999412B publication Critical patent/CN103999412B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218Distributed architectures, e.g. distributed firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/34Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters 
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0876Aspects of the degree of configuration automation
    • H04L41/0886Fully automatic configuration

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

According to embodiment, one or more software application products of such as Oracle fusion applications can be according to dispose in topological structure using creating or what is optimize integrates and dispose design/blueprint to install and/or configure in the multilayer of (that is, client) data center of tissue.Topological structure based on curstomer's site, it is capable of the supply of optimization software application;And perform the lifecycle operation of application.This causes each product to know the topological structure, and this provides the solution of " out-of-the-box " to client again.The topological structure can also optimize for security, performance and simplicity.According to embodiment, the deployment topologies structure can include the function of Fat Client.

Description

Software deployment topological structure
Priority is protected
This application claims in submission on May 10th, 2012 and entitled " SYSTEM AND METHOD FOR PROVIDING AN ENTERPRISE DEPLOYMENT TOPOLOGY WITH THICK CLIENT FUNCTIONALITY " United States Patent (USP) Apply for No.13/468,792 benefit of priority;This application requires to submit on January 10th, 2012 again and entitled " SYSTEM AND METHOD FOR PROVIDING AN ENTERPRISE DEPLOYMENT TOPOLOGY " U.S. Provisional Patent Application No.61/585,188 and on April 5th, 2012 submit and entitled " SYSTEM AND METHOD FOR PROVIDING AN ENTERPRISE DEPLOYMENT TOPOLOGY " U.S. Provisional Patent Application No.61/620,881 benefit of priority;With Each in upper application is hereby incorporated by by introducing.
Technical field
This invention relates generally to application server and enterprise software to dispose, and has fat client more particularly to for providing The system and method for holding enterprise's deployment topological structure of (thick client) function.
Background technology
In the environment of enterprise software application deployment, traditional dispositions method usually needs tissue/client in data center Software application product, or customization installation are installed best to adapt to the particular requirement of curstomer's site in the individual node at place.Close In the usually not predefined blueprint of the deployment of such product.Moreover, it is suitable to multiple in such as Oracle fusion applications In the environment of the software application product used on reason position, client may want to utilize wherein for example installed in curstomer's site still The Fat Client otherwise connected with the server line in the remote hosting position such as at Oracle data centers.But Because this configuration needs the shadow in terms of opening fire wall and other performance at the network of client and the network of data center Ring, this configuration there may be potential safety hazard.These are the general domains that embodiments of the invention are intended to solve.
The content of the invention
According to embodiment, one or more software application products of such as fusion application can be according in order in tissue Used in the multilayer deployment topological structure of (that is, client) data center and create or optimize integrated and dispose design/blueprint To install and/or configure.Topological structure based on curstomer's site, is capable of the supply of optimization software application, and performs application Lifecycle operation.This causes each product to know the topological structure, and this is provided " out-of-the-box " to client again Solution.The deployment topologies structure can also optimize for security, performance and simplicity.According to embodiment, the portion Administration's topological structure can include the function of Fat Client.
Brief description of the drawings
Fig. 1 illustrates the system for including multilayer enterprise deployment topological structure according to embodiment.
Fig. 2A, 2B, 2C and 2D illustrate another embodiment for including the system of multilayer enterprise deployment topological structure.
Fig. 3 illustrates the Fat Client that can be used together with multilayer enterprise deployment topological structure according to embodiment.
Fig. 4 illustrates to include system of the multilayer enterprise deployment topological structure together with Fat Client according to embodiment.
Fig. 5 A, 5B, 5C and 5D illustrate that including multilayer enterprise disposes topological structure together with the another of the system of Fat Client A kind of embodiment.
Fig. 6 illustrates the method for including the system of multilayer enterprise deployment topological structure according to the installation and/configuration of embodiment.
Embodiment
As described above, in the environment of enterprise software application deployment, because traditional dispositions method is for example needed in client Network and the network of data center open fire wall, therefore traditional dispositions method there may be potential safety hazard.In order to solve This problem, according to embodiment, one or more software application products of such as fusion application can be according in order in tissue Used in the multilayer deployment topological structure of (that is, client) data center and create or optimize integrated and dispose design/blueprint To install and/or configure.The deployment topologies structure can optimize for security, performance and simplicity;And can also Support the function using Fat Client or Fat Client in appropriate place.
According to embodiment, enterprise's deployment topological structure is technology and suggestion based on maturation, and across such as Oracle Database, fusion middleware, fusion application (Fusion Application) and fusion middleware control technology stack it is several Product.In the environment of fusion application, enterprise's deployment is it is also conceivable to business service level agreements extensively should as far as possible to make High availability criterion;Using Database Grid server and the save mesh with low cost storage come provide high resiliency, The infrastructure of low cost;Ensure high availability system frame using from the result for different configuration of performance impact research Structure is optimally configured to the demand that performs and activate business;Make it possible to the time span of interruption recovery and in natural calamity Acceptable data degradation amount is controlled;And/or proposed by following independently of the criterion of hardware and operating system with Architectural framework.The example for the fusion application product that can currently obtain includes Oracle WebCenter, Oracle Business Intelligence、Hyperion、Oracle Universal Content Management、Oracle SOA Suite、 Oracle WebLogic Server, Oracle JDeveloper, Oracle Enterprise Manager, fusion middleware Control and Oracle Identity Management.These products serve as a set of unified personal and corporate process together --- Such as trade type operation flow, business intelligence and cooperation technology --- service application.
Nomenclature
According to embodiment, as referred to herein, following term is used.Obviously, according to other embodiments, can also provide Further feature, and the invention is not restricted to particular term described below and feature:
Oracle home:Oracle home include file to be mounted needed for trustship specific product.For example, SOA Oracle home include the catalogue for wherein including binary file and library file for Oracle SOA Suite.Oracle Home is located in Middleware home bibliographic structure.
WebLogic Server home:WebLogic Server home are included needed for trustship WebLogic Server File to be mounted.WebLogic Server home catalogues are the peer-to-peers of Oracle home catalogues and are located at In Middleware home bibliographic structure.
Middleware home:Middleware home include Oracle WebLogic Server home and optional Ground one or more Oracle home.Middleware home can be located locally file system or can visited by NFS On the teleengineering support disk asked.
Oracle examples:Oracle examples include one or more Active Middleware system components, for example, Oracle Web Cache, Oracle HTTP servers or Oracle Internet Directory.Keeper can when mounted or Determine which component is a part for example when afterwards by creating with profile instance.
Domain:The basic management unit of Oracle weblogic servers.
Managed service device:Trustship service application, application component, Web service and its associated resource.
Failure shifts:When member's chance failure of highly available system (UNPLANNED DOWNTIME), in order to continue as its client Service is provided, the system carries out failover operation.If the system is active-passive system, then passive member is in failure It is activated during transfer operation and client is directed to the member rather than the member of failure.Failover process can be manually Perform, or can detect failure by establishing hardware cluster service and cluster resource is transferred to from the node of failure standby Node automates failover process.If the system is active-active system, then failure transfer is real by load equalizer Body performs, the request of the load equalizer service to active member.If active member's failure, then load equalizer detects Failure and the request to failure member is automatically redirected to also existing active member.
Fault recovery:After system carries out successful failover operation, the original member of failure pushing away over time Shifting can be repaired and is reintroduced to as backup member in system.If desired, fault recovery can be initiated Journey is to activate this member and deactivate another member.This process makes system revert to its matching somebody with somebody before the failure occurs Put.
Hardware cluster:Hardware cluster is (for example, database, Web to network service (for example, IP address) or application service Server) client provide these service single views set of computers.Each node in hardware cluster is fortune The independent server of its own process of row.These processes can communicate with one another cooperative to be provided the user with being formed to look like Using the triangular web of, system resource and data.
Collect group agent:The software operated on the node member of hardware cluster, coordinate availability and property with other nodes Can operation.
Collect groupware:Manage software of the cluster member as the operation of system.It allows to define one group of resource and service, so as to Through the heartbeat mechanism between cluster member come monitor and as far as possible efficiently and these resources and service are pellucidly moved to collection Different members in group.
Shared storage:Shared storage is the storage subsystem that all computers that can be disposed by enterprise in domain access System.
Host node:Run on one's own initiative in any given time fusion application example and having been configured to have it is standby The node of part/two-level node.If host node failure, fusion application example is failed over two-level node.
Two-level node:Node for the backup node of fusion application example.When host node is no longer available, the node is The place of active instance failure transfer.
Network host title:Network host title be by/etc/hosts files or by dns resolution with distributing to IP The title of location.
Physical host title:This document is distinguish between to term physical host title and network host title.This document makes " the internal title " of current computer is referred to physical host title.
Physical IP:Physical IP refers to IP address of the computer on network.In most cases, it generally with computer Physical host names associate.
Switching:In the normal operation period, the active members of system, which may require that, is safeguarded or is upgraded.Switching can be started Process is born with allowing to substitute member's adapter as the work performed by the member for the progress planned shut-down for needing to be serviced or upgrading Carry.
Switchback:When the switching operation is performed, the member of system is deactivated for safeguarding or upgrading.When maintenance or upgrading During completion, system can carry out switchback operation come activate the member upgraded and make system return to switching before configuration.
Virtual host name:Virtual host name is to be mapped to one or more physics through load equalizer or hardware cluster The Hostname of the network addressable of computer.For load equalizer, title " virtual server title " herein with void Intend Hostname to be used interchangeably.Load equalizer can represent one group of server to hold virtual host name, and client End is communicated with computer indirectly using virtual host name.Virtual host name in hardware cluster is allocated to cluster void Intend IP network host title.Because cluster virtual IP address is not any specific node for being for good and all attached to cluster, therefore virtually Host name is nor be for good and all attached to any specific node.
Virtual IP address:(cluster virtual IP address, load equalizer virtual IP address.) generally, virtual IP address can distribute to hardware cluster or Load equalizer.In order to which the triangular web view of cluster is presented to networking client, virtual IP address is acted as cluster member The entrance IP address of server group.Virtual IP address can distribute to server load balancer or hardware cluster.Hardware cluster uses Cluster virtual IP address (can also be arranged on virtual IP address in independent computer come the entrance being presented to the external world in cluster On).The software of hardware cluster manages transfer of the IP address between two physical nodes of cluster, and is connected to the IP address Client require no knowledge about this IP address current active in which physical node.Configured in typical binode hardware cluster In, although there may be several cluster IP address, every computer has physical IP address and the physics master of their own Machine title.These cluster IP address are floated or shifted between the two nodes.The section of current ownership with cluster IP address Point is movable to the address.Load equalizer also uses virtual IP address to be used as to the entrance of one group of server.These servers Often in the activity of same time.The virtual ip address is not assigned to any individual services device, and be allocated in server and its The load equalizer of agency is served as between client.
Enterprise disposes topological structure
As described above, according to embodiment, enterprise's deployment topological structure is design/blueprint for being used in configuration system Or one group of criterion, these design/blueprints or criterion are technology and suggestion based on maturation, and across several products of technology stack. Each deployment topologies structure provides specific application deployment feature, such as availability, scalability and peace in corporate environment Quan Xing.Data that can be through load equalizer and firewall access such as Oracle data centers (ODC) in the user of work station Center, it includes the application according to selected deployment topologies structure offer, such as fusion application and other application.
Dependent on client and/or the particular demands/requirement of itself is applied, some applications may need to be exposed to internet, And others may need only to be exposed in Intranet, and selected deployment topologies structure should consider this point.This permits Perhaps specific application is deployed to internally to be used in the environment that enterprise uses using Intranet, and also allows external user to utilize Internet accesses other application, all these while also safeguard security between different applications.
According to embodiment, the application at data center can utilize HTTP (HTTP) and internal unity to provide Source finger URL (URL) communicates with one another in data center, to handle the request from user.Due to internal URL and theirs is logical Letter is provided in isolation/safety zone (DMZ) at data center, therefore they can be protected, without example Such as SSL (SSL), this correspondingly provides performance advantage again.Using the outer of SSL can also can be utilized by user's warp Portion URL and fictitious host computer access.Dependent on client and/or the particular demands/requirement of itself is applied, the difference of function can be made Part or aspect can use to the user based on Intranet and/or the user based on internet.Those only make in the data center URL need not be exposed to client based on Intranet or internet of those outside data center or be accessed by them.Supplying To period, if specific application must have the address of accessible outside, then in addition to its home address/URL, also Keeper can be prompted to provide the URL for external address.
Fig. 1 illustrates the system for including multilayer enterprise deployment topological structure according to embodiment.Go out as shown in FIG. 1 , data center (for example, ODC data centers) can include many levels in logic, including the addressable number of Intranet According to layer 100, DMZ- application (app) layer 110 protected and public domain or the web layer 140 of DMZ- protections.
According to embodiment, data Layer can include one or more application databases (for example, fusion application database) 102, it can be accessed through one or more database hosts 104.
Application layer can include one or more applied host machines or node (for example, fusion application main frame) 112, each of which It is individual and including one or more domain and servers.For example, as shown in Figure 1, applied host machine can include customer relationship Manage (CRM) domain 114, generic domain 116 and various other domains 118;Each of which respectively can include acquisition server 120, Subscribed services device 122, SOA servers 124, ESS servers 126 or other servers 128,130,132,134.
The public domain of DMZ- protections or web layer can include one or more with virtual URL146 and the configuration of agency 147 Individual web server 144.According to embodiment, web layer for the work station 170 based on internet, can by it is multiple can internet The URL of access or port 142 are (for example, https://crm.mycompany.com150, https:// Common.mycompany.com154, and https://other.mycompany.com156) through internet 180 and alternatively Load equalizer optionally accesses;For the internal services in data center, can be may have access to by multiple inside URL (for example, crminternal.myco.com160, commoninternal.myco.com164 and Otherinternal.myco.com166) optionally access.As described above, dependent on client and/or apply the spy of itself Provisioning request/demand, those URL used in the data center need not be exposed to outside data center those be based on Intranet or The client of internet is accessed by them.
Dependent on the configuration finally disposed, external workstation can through internet and internet by communication request 202 The URL/ ports of access access the application at data center, these URL/ ports then those requests through with virtual URL And the web server of the configuration of agency 204 is sent to applied host machine 206, and if desired, it is sent to data Layer 208.
Obviously, what is be illustrated in Figure 1 is arranged so as to illustrate and provides, and according to other embodiments, in application layer In domain and the server of different type and arrangement can be provided, and the invention is not restricted to shown specific arrangements.
Fig. 2A, 2B, 2C and 2D illustrate the system of the multilayer enterprise deployment topological structure using fusion application Another embodiment.In the example shown in Fig. 2, host node (CRMHOST1) actively runs fusion application example.Two Level node (CRMHOST2) is redundancy (HA) node for the fusion application example.Host node is managed including being deployed to Server management server and application.Managed service device can be grouped together in the cluster, to be application Autgmentability and high availability are provided.Host node and two-level node formative region together.
As shown in Figures 2 A and 2 B further, the node in web layer is positioned at region (DMZ) public area of isolation Domain.In illustrated example, the Oracle HTTP of two node WEBHOST1 and WEBHOST2 operation WebGate configurations Server, wherein WebGate allow request proxied to weblogic server from Oracle HTTP servers, and WebGate is using Oracle access protocols (OAP) with being operated in Identity Management DMZ on OAMHOST1 and OAMHOST2 Oracle access managers are communicated.WebGate and Oracle access managers are used for performing the operation of such as user authentication. Oracle Web layers also include load equalizer router to handle the request of outside.Outside request is sent to its title and existed The fictitious host computer configured on load equalizer.Then load equalizer forwards the request to Oracle HTTP servers.Protecting On the fire wall of Oracle Web layers, only following http port is to open:443 for HTTPS and 80 for HTTP.
When using external loading balanced device, it should preferably consider:By virtual host name traffic load balancing To real server pools so that client accesses clothes using virtual host name (rather than utilizing actual host title) Business, then load equalizer can be the server in request load balance to pond;Port translation, which configures, causes virtual hostname Claim the different port being transferred to the request to be arrived on port on back-end server;The port in pond on server is monitored to determine The availability of service;It should allow including configuring virtual server title and port, load equalizer for each virtual server The configuration of traffic management on more than one port;Detection node failure and the section for stopping flow being routed to failure immediately Point;The viscosity connection of component is maintained into, example therein includes persistence and IP-based persistence based on cookie;Negative Balanced device is carried to terminate SSL request and flow is forwarded to rear end using equivalent non-ssl protocol (for example, HTTPS to HTTP) Real server;And the further feature to depend on the circumstances.
As shown in Figures 2 A and 2 B further, the node in application layer is located at DMZ safety zones.CRMHOST1 and CRMHOST2 is in Oracle Fusion Customer Relationship Management, Oracle Business Intelligence、Oracle Incentive Compensation、Oracle Fusion Financials、Oracle Fusion Supply Chain Management and Oracle Fusion Human Capital Management are transported in domain Row managed service device.CRMHOST1 and CRMHOST2 is with actively-active or the operation of active-passive implementation from not Managed and C/C++ servers in same area.C/C++ components are by Oracle managements of process and notice server (OPMN) pipe Reason, and all managed service devices are managed by the management server in domain.CRMHOST1 and CRMHOST2 Oracle weblogic servers management console and oracle enterprise's manager fusion middleware control are also run, but is used Active-passive configuration.On the fire wall of protection application layer, http port, OAP ports and proxy port are to open.OAP The WebGate modules run in the Oracle HTTP servers that port is used in Oracle Web layers are accessed with Oracle and managed Reason device is communicated.The application for needing outside HTTP to access can use Oracle HTTP servers as agency.
As shown in figure 2d further, in the data Layer in safest network area, Oracle RAC Database is operated on node FUSIONDBHOST1 and FUSIONDBHOST2.The database is included by Oracle fusion application groups Pattern required for part.The component accesses run in the application layer database.On the fire wall of protection data Layer, database Listening port (generally, 1521) needs to be opened.636) LDAP ports (generally, 389 and are also required to be opened, existed for accessing The flow of LDAP storages in the deployment of IDM enterprises.
Obviously, the deployment topologies structure illustrated in Fig. 2A, 2B, 2C and 2D provides to illustrate, and according to Other embodiments, and different curstomer's sites, requirement and demand are depended on, different deployment topologies structures can be provided, and The invention is not restricted to shown specific deployment topologies structure.
Enterprise for being used together with Fat Client disposes topological structure
In the environment of the software application product suitable for being used on multiple geographical position, or it is in trust on demand (or Preset (on-premise)) in application environment, the application of such as fusion application and other application is generally locked by using fire wall In data center.In most cases, user will utilize announced SSL URL together with appropriate the user name and password Access this application.But in some cases, it may be desirable to which user is using Fat Client (for example, utilizing RMI (RMI) or Java API client), this needs to install Fat Client on the desktop of the terminal user again.Due to this fat Client is needed directly with the application communication in data center, and therefore, this may need otherwise to do hole in fire wall, As described above, this can influence the security or performance of data center.Particularly, in environment on demand in trust, Fat Client It is likely located in the network of different company, so as to be required for hole in the fire wall of both companies.
In order to solve this problem, according to embodiment, can be created at data center for making together with Fat Client Management subnet, then this client trustship is in data center.Then Fat Client user can utilize and for example announce SSL URL logged in by VNC/ remote desktops and perform the activity of Fat Client, without in the anti-of tissue/data center Punched in wall with flues.Dependent on demand/requirement of client, can be created in the data center for wherein installing fusion application Fat Client Independent subnet is built, and only Fat Client is configured to the access to data center server.Terminal user can be with Such as access Fat Client using the VPN (or VNC) for the terminal server for enabling SSL.User with effective voucher then can To sign in these servers using remote desktop and configure their component or operation report, and/or can be number According to FTP the data are loaded, analyze or update into the subnet and using the instrument provided in the subnet.
Fig. 3 illustrates Fat Client according to embodiment, and the Fat Client can be disposed together with topological structure with multilayer enterprise Use.Go out as shown in FIG. 3, the Fat Client or management subnet in the public domain of DMZ- protections or web layer can So that server (example can be included again including one or more provider's clients 240, each of which provider client 240 Such as, Linux server 240 or Windows servers 250,260) and it is various management or other instruments (for example, ftp server 246th, JDev instruments 252 or other instruments 262).Dependent on particular demands/requirement to multilayer application environment, it can be provided Its client 270, server 272 and instrument 274.Fat Client work station 280 outside data center can be through VPN278 connects 282 access Fat Clients or management subnet with socket.Request from Fat Client work station can utilize Such as HTTP, RMI, ODBC or OAP appropriate agreement are through Fat Client or management subnet transmission and forward 284 to arrive application master Machine.
Fig. 4 illustrates to include system of the multilayer enterprise deployment topological structure together with Fat Client according to embodiment.Such as in Fig. 4 Shown in, the environment can include data Layer, using (app) layer and the DMZ public domain protected or web layer, as before Described.Request from Fat Client work station can through Fat Client or management subnet transmission and be forwarded to using master Machine.
Fig. 5 A, 5B, 5C and 5D illustrate that including multilayer enterprise disposes topological structure together with the another of the system of Fat Client A kind of embodiment.As shown in Fig. 5 A, 5B, 5C and 5D, retouched similar to above for Fig. 2A, 2B, 2C and 2D The fusion application environment stated similarly can be used together with Fat Client work station, wherein request can be through Fat Client or pipe Reason subnet transmission is simultaneously forwarded to applied host machine, in this example, dependent on the specific of the particular requirement and enterprise each applied Demand, it make use of such as HTTP, RMI, ODBC or OAP various agreements.
According to embodiment, it is understood that there may be it is required that directly being accessed for example from terminal user through HTTP, socket or other connections Multiple management client/Fat Clients of application server or file system.Some in these Fat Clients may be from inline Net (for preset deployment) or through VPN (for disposing on demand) connections.For example, typical fusion application environment can include one Or multiple management client applications, for example, FR Studio;OBIEE Administrative Client;BI Catalog Manager;Or IPM document provider side clients, such as OFR, OFR Verifier, OFR Designer;ODC;ODC file Server;Ftp server;JDev;And/or ODI Studio.Because each in these Fat Clients may needs pair The direct access (for example, socket connection) of Internet data center's environment, therefore can be included according to embodiment, management subnet For installing multiple windows servers of one or more management Fat Clients wherein, so as to each specific management visitor The application of family end can use the agreement appropriate to the cura specialis client application and/or socket (for example, HTTP, RMI, ODBC or OAP) access data center.
Obviously, the use of Fat Client with deployment topologies structure illustrated in Fig. 5 A, 5B, 5C and 5D also for Illustrate and provide, and according to other embodiments, the use of different deployment topologies structures and Fat Client can be provided, and And the invention is not restricted to shown specific deployments topological structure.
Fig. 6 illustrates the side for including the system of multilayer enterprise deployment topological structure according to the installation and/or configuration of embodiment Method.Go out as shown in FIG. 6, in step 302, determine tissue/client to multilayer application environment (for example, fusion application environment) Demand and/or requirement.In step 306, it is determined that the appropriate deployment topologies structure for customer data center, wherein considering number According to the current aspect (for example, database resource) at center and demand/requirement of client.In step 312, according to deployment topologies structure Supply application environment (including installing and/or configure the component of web server, application, fusion application etc.).In step 318, Fat Client (management subnet) is optionally configured to be used by Fat Client work station so that each specific client can Data center is accessed using to the appropriate agreement of the particular clients and/or socket.
The present invention can easily utilize one or more traditional universal or special digital computers, computing device, machine Device, microprocessor are realized, including one or more processors, memory and/or the meter programmed according to the teaching of present disclosure Calculation machine readable storage medium storing program for executing.Technical staff such as software field will be recognized that, appropriate Software Coding can easily by Skilled programmer is prepared based on the teaching of present disclosure.
In some embodiments, the present invention includes computer program product, and this with storing instruction thereon/wherein Non-transitory storage medium or computer-readable medium, these instructions can be used for programmed computer, to perform any of the present invention Process.Storage medium can include, but not limited to any kind of disk, including floppy disk, CD, DVD, CD-ROM, micro harddisk, And magneto-optic disk, ROM, RAM, EPROM, EEPROM, DRAM, VRAM, magnetically or optically flash memory device, card, nanosystems (bag Include molecular memory IC) or any type of medium or equipment suitable for store instruction and/or data.
The above description of this invention is to provide for the purpose of illustration and description.It is not it is detailed or The present invention is limited to disclosed precise forms.Many modifications and variations all will be apparent to those skilled in the art.Implement The selection of example is in order to best explain the principle and its practical application of the present invention, so that this area other technologies people with description Member is it will be appreciated that various embodiments of the present invention and the various modifications suitable for expected special-purpose.The scope of the present invention will by with Lower claim and its equivalent define.

Claims (9)

1. a kind of system for being used to provide enterprise's deployment topological structure, the system include:
Data center with deployment topologies structure, the deployment topologies structure include the region DMZ public domains of isolation, DMZ Safety zone and Intranet data Layer;
The multiple applied host machines provided according to the deployment topologies structure in the DMZ safety zones and multiple applications, wherein The multiple applied host machine includes one or more microprocessors;
What is provided in the DMZ public domains is used to provide to institute to the user based on Intranet and the user based on internet State multiple fictitious host computers of the access of the function of multiple applied host machines and multiple applications and outside URL;
Wherein, the multiple fictitious host computer is described via being not exposed to using HTTP in the case of no SSL SSL Inside URL outside data center is communicated with the multiple applied host machine and multiple applications, data center's energy described whereby Enough handle the request from the user based on Intranet and the user based on internet;And
Management subnet in the DMZ public domains;
Multiple Fat Clients of the trustship in the management subnet;And
VPN sockets connect, and the VPN sockets connection allows from the work station outside the data center to management The SSL of net is accessed, and the VPN sockets connection is independently of the outside URL provided in the DMZ public domains, whereby The administrator of the work station can be communicated with the multiple Fat Client so that the multiple Fat Client can Request from Fat Client work station is delivered to the multiple applied host machine and multiple applications.
2. the system as claimed in claim 1, wherein, the multiple Fat Client includes multiple keepers and applied and multiple offers Fang Yingyong.
3. the system as claimed in claim 1, wherein, the fictitious host computer can only use HTTP and the multiple applied host machine Communicated with multiple applications, but wherein dependent on the particular requirement and the particular demands of enterprise each applied, it is the multiple Fat Client is communicated using various protocols with the multiple applied host machine and multiple applications, and the various protocols include following In two or more:HTTP, ODBC, RMI and OAP.
4. a kind of method for being used to provide enterprise's deployment topological structure, the method comprising the steps of:
The data center deployment for providing the region DMZ public domains for including isolation, DMZ safety zones and Intranet data Layer is opened up Flutter structure;
According to the deployment topologies structure multiple applied host machines and multiple applications are provided in the DMZ safety zones;
There is provided at the DMZ public domains for being provided to the user based on Intranet and the user based on internet to described The multiple fictitious host computers and outside URL of the access of multiple applied host machines and the function of multiple applications;
Using HTTP via the inside URL being not exposed to outside the data center in the case of no SSL SSL Communicated between the multiple fictitious host computer and the multiple applied host machine and multiple applications, data center's energy described whereby Enough handle the request from the user based on Intranet and the user based on internet;And
Management subnet is provided in the DMZ public domains;
Multiple Fat Clients of the trustship in the management subnet are provided;And
The connection of VPN sockets is provided, the VPN sockets connection allows from the work station outside the data center to the pipe The SSL for managing subnet is accessed, and the VPN sockets are connected independently of the outside URL provided in the DMZ public domains, The administrator of work station described whereby can be communicated with the multiple Fat Client so that the multiple Fat Client Request from Fat Client work station can be delivered to the multiple applied host machine and multiple applications.
5. method as claimed in claim 4, wherein, the multiple Fat Client includes multiple keepers and applied and multiple offers Fang Yingyong.
6. method as claimed in claim 4, wherein, the fictitious host computer can only use HTTP and the multiple applied host machine Communicated with multiple applications, but wherein dependent on the particular requirement and the particular demands of enterprise each applied, it is the multiple Fat Client is communicated using various protocols with the multiple applied host machine and multiple applications, and the various protocols include following In two or more:HTTP, ODBC, RMI and OAP.
7. a kind of equipment for being used to provide enterprise's deployment topological structure, including:
For providing the region DMZ public domains for including isolation, DMZ safety zones and the data center section of Intranet data Layer Affix one's name to the device of topological structure;
For providing multiple applied host machines and the dress of multiple applications in the DMZ safety zones according to the deployment topologies structure Put;
For being provided at the DMZ public domains for being provided pair to the user based on Intranet and the user based on internet Multiple fictitious host computers of the access of the multiple applied host machine and the function of multiple applications and outside URL device;
For in the case of no SSL SSL using HTTP via the inside URL being not exposed to outside data center The device to be communicated between the multiple fictitious host computer and the multiple applied host machine and multiple applications, data described whereby Center can handle the request from the user based on Intranet and the user based on internet;
For providing the device of management subnet in the DMZ public domains;
For providing the device of multiple Fat Clients of trustship in the management subnet;
For providing the device of VPN sockets connection, the VPN sockets connection allows from the work outside the data center The SSL access stood to the management subnet, the VPN sockets connection is independently of the institute provided in the DMZ public domains Outside URL is stated, the administrator of work station described whereby can be communicated with the multiple Fat Client so that described more Request from Fat Client work station can be delivered to the multiple applied host machine and multiple applications by individual Fat Client.
8. equipment as claimed in claim 7, wherein, the multiple Fat Client includes multiple keepers and applied and multiple offers Fang Yingyong.
9. equipment as claimed in claim 7, wherein, the fictitious host computer can only use HTTP and the multiple applied host machine Communicated with multiple applications, but wherein dependent on the particular requirement and the particular demands of enterprise each applied, it is the multiple Fat Client is communicated using various protocols with the multiple applied host machine and multiple applications, and the various protocols include following In two or more:HTTP, ODBC, RMI and OAP.
CN201380004322.7A 2012-01-10 2013-01-10 Software deployment topological structure Active CN103999412B (en)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
US201261585188P 2012-01-10 2012-01-10
US61/585,188 2012-01-10
US201261620881P 2012-04-05 2012-04-05
US61/620,881 2012-04-05
US13/468,792 2012-05-10
US13/468,792 US8856295B2 (en) 2012-01-10 2012-05-10 System and method for providing an enterprise deployment topology with thick client functionality
PCT/US2013/021048 WO2013106581A1 (en) 2012-01-10 2013-01-10 Software deployment topology

Publications (2)

Publication Number Publication Date
CN103999412A CN103999412A (en) 2014-08-20
CN103999412B true CN103999412B (en) 2017-12-15

Family

ID=48744875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201380004322.7A Active CN103999412B (en) 2012-01-10 2013-01-10 Software deployment topological structure

Country Status (6)

Country Link
US (2) US8856295B2 (en)
EP (1) EP2803169B1 (en)
JP (1) JP6177799B2 (en)
CN (1) CN103999412B (en)
IN (1) IN2014CN03609A (en)
WO (1) WO2013106581A1 (en)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8479098B2 (en) * 2009-08-12 2013-07-02 Ebay Inc. Reservation of resources and deployment of applications using an integrated development environment
US8856295B2 (en) * 2012-01-10 2014-10-07 Oracle International Corporation System and method for providing an enterprise deployment topology with thick client functionality
US9311066B1 (en) * 2012-06-25 2016-04-12 Amazon Technologies, Inc. Managing update deployment
US9838370B2 (en) * 2012-09-07 2017-12-05 Oracle International Corporation Business attribute driven sizing algorithms
US9292279B2 (en) * 2013-01-22 2016-03-22 Maluuba Inc. Method and system for creating and managing a dynamic route topography for service oriented software environments
US9575738B1 (en) * 2013-03-11 2017-02-21 EMC IP Holding Company LLC Method and system for deploying software to a cluster
US9077613B2 (en) * 2013-04-10 2015-07-07 International Business Machines Corporation System and method for graph based K-redundant resiliency for IT cloud
US9716746B2 (en) * 2013-07-29 2017-07-25 Sanovi Technologies Pvt. Ltd. System and method using software defined continuity (SDC) and application defined continuity (ADC) for achieving business continuity and application continuity on massively scalable entities like entire datacenters, entire clouds etc. in a computing system environment
US10097410B2 (en) 2014-06-26 2018-10-09 Vmware, Inc. Methods and apparatus to scale application deployments in cloud computing environments
US9507678B2 (en) * 2014-11-13 2016-11-29 Netapp, Inc. Non-disruptive controller replacement in a cross-cluster redundancy configuration
US20160285957A1 (en) * 2015-03-26 2016-09-29 Avaya Inc. Server cluster profile definition in a distributed processing network
JP6736943B2 (en) * 2016-03-29 2020-08-05 富士通株式会社 Information processing apparatus, information processing method, information processing program, and information distribution system
US10033646B2 (en) * 2016-05-12 2018-07-24 International Business Machines Corporation Resilient active-active data link layer gateway cluster
US20180032322A1 (en) * 2016-07-29 2018-02-01 Hewlett Packard Enterprise Development Lp Automated devops application deployment
CN107222544B (en) * 2017-06-14 2020-09-18 千寻位置网络有限公司 High availability method and system based on multi-layer service architecture
JP6866927B2 (en) * 2017-09-06 2021-04-28 日本電気株式会社 Cluster system, cluster system control method, server device, control method, and program
US11144298B2 (en) * 2018-07-13 2021-10-12 Microsoft Technology Licensing, Llc Feature installer for software programs
US10956139B2 (en) * 2018-11-26 2021-03-23 Sap Se Integration process to integration adapter connector
US11422784B2 (en) * 2019-01-11 2022-08-23 Walmart Apollo, Llc System and method for production readiness verification and monitoring
US11182139B2 (en) 2019-01-11 2021-11-23 Walmart Apollo, Llc System and method for production readiness verification and monitoring
US11245750B2 (en) * 2019-02-16 2022-02-08 International Business Machines Corporation File server load balancing
US11029936B2 (en) * 2019-04-11 2021-06-08 Microsoft Technology Licensing, Llc Deploying packages to devices in a fleet in stages
US11221837B2 (en) 2019-04-11 2022-01-11 Microsoft Technology Licensing, Llc Creating and deploying packages to devices in a fleet based on operations derived from a machine learning model
US10644954B1 (en) * 2019-05-10 2020-05-05 Capital One Services, Llc Techniques for dynamic network management
US10587457B1 (en) 2019-05-10 2020-03-10 Capital One Services, Llc Techniques for dynamic network resiliency
US10756971B1 (en) 2019-05-29 2020-08-25 Capital One Services, Llc Techniques for dynamic network strengthening
US20220027145A1 (en) * 2020-07-23 2022-01-27 Dell Products L.P. Cloud-based dynamic plugin distribution
US11928239B2 (en) 2021-09-30 2024-03-12 Sap Se Sensitive data management system
US11729057B1 (en) * 2022-02-07 2023-08-15 The Bank Of New York Mellon Application architecture drift detection system

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001073659A2 (en) * 2000-03-24 2001-10-04 Semidaq, Inc. Systems and methods for correcting supply/demand imbalances in multi-tier exchanges
US7657887B2 (en) 2000-05-17 2010-02-02 Interwoven, Inc. System for transactionally deploying content across multiple machines
US20020157020A1 (en) * 2001-04-20 2002-10-24 Coby Royer Firewall for protecting electronic commerce databases from malicious hackers
US7210143B2 (en) 2002-07-17 2007-04-24 International Business Machines Corporation Deployment of applications in a multitier compute infrastructure
US7240325B2 (en) 2002-09-11 2007-07-03 International Business Machines Corporation Methods and apparatus for topology discovery and representation of distributed applications and services
US7568023B2 (en) * 2002-12-24 2009-07-28 Hewlett-Packard Development Company, L.P. Method, system, and data structure for monitoring transaction performance in a managed computer network environment
US7926051B2 (en) 2003-11-10 2011-04-12 International Business Machines Corporation Automatic parallel non-dependent component deployment
US7590713B2 (en) 2003-11-24 2009-09-15 Microsoft Corporation Presenting a merged view of remote application shortcuts from multiple providers
US20050273849A1 (en) * 2004-03-11 2005-12-08 Aep Networks Network access using secure tunnel
US7665085B2 (en) 2004-03-15 2010-02-16 Ramco Systems Limited Flexible deployment of software applications
US20060080413A1 (en) 2004-06-17 2006-04-13 International Business Machines Corporation Method and system for establishing a deployment plan for an application
JP4362778B2 (en) 2004-12-06 2009-11-11 村田機械株式会社 Proxy server device
US9083748B2 (en) * 2004-12-16 2015-07-14 Hewlett-Packard Development Company, L.P. Modelling network to assess security properties
US20060245354A1 (en) 2005-04-28 2006-11-02 International Business Machines Corporation Method and apparatus for deploying and instantiating multiple instances of applications in automated data centers using application deployment template
US8050801B2 (en) 2005-08-22 2011-11-01 Trane International Inc. Dynamically extensible and automatically configurable building automation system and architecture
US9038023B2 (en) 2005-12-30 2015-05-19 Sap Se Template-based configuration architecture
US7774446B2 (en) 2005-12-30 2010-08-10 Microsoft Corporation Discovering, defining, and implementing computer application topologies
US20070260702A1 (en) 2006-05-03 2007-11-08 University Of Washington Web browser architecture for virtual machine access
US9251498B2 (en) 2006-10-23 2016-02-02 Oracle International Corporation Facilitating deployment of customizations of enterprise applications
US20080178278A1 (en) * 2007-01-22 2008-07-24 Doron Grinstein Providing A Generic Gateway For Accessing Protected Resources
JP5246640B2 (en) 2007-09-28 2013-07-24 インターナショナル・ビジネス・マシーンズ・コーポレーション Technology that automates user operations
US20100057848A1 (en) * 2008-08-27 2010-03-04 Mangold Jeffrey E System and method for optimizing the physical development of athletes
US8302093B2 (en) 2008-08-28 2012-10-30 International Business Machines Corporation Automated deployment of defined topology in distributed computing environment
US9886253B2 (en) * 2009-12-29 2018-02-06 Oracle International Corporation Techniques for managing functional service definitions in an SOA development lifecycle
US8856300B2 (en) * 2010-05-18 2014-10-07 At&T Intellectual Property I, L.P. End-to-end secure cloud computing
US9292343B2 (en) 2010-06-30 2016-03-22 Oracle International Corporation Method and system for performing deployment management
US9749291B2 (en) * 2011-07-15 2017-08-29 International Business Machines Corporation Securing applications on public facing systems
US8856295B2 (en) * 2012-01-10 2014-10-07 Oracle International Corporation System and method for providing an enterprise deployment topology with thick client functionality

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"基于J2EE的企业电子商务平台的研究及优化设计";金双武;《中国优秀博硕士学位论文全文数据库(硕士)社会科学Ι辑(经济政治与法律)》;20050615;正文第47-53页 *

Also Published As

Publication number Publication date
US9906578B2 (en) 2018-02-27
WO2013106581A1 (en) 2013-07-18
IN2014CN03609A (en) 2015-10-09
US20130179874A1 (en) 2013-07-11
JP6177799B2 (en) 2017-08-09
EP2803169A1 (en) 2014-11-19
EP2803169B1 (en) 2020-03-04
US8856295B2 (en) 2014-10-07
US20130179876A1 (en) 2013-07-11
JP2015510627A (en) 2015-04-09
CN103999412A (en) 2014-08-20

Similar Documents

Publication Publication Date Title
CN103999412B (en) Software deployment topological structure
US8179809B1 (en) Approach for allocating resources to an apparatus based on suspendable resource requirements
US7103647B2 (en) Symbolic definition of a computer system
US8234650B1 (en) Approach for allocating resources to an apparatus
US8019870B1 (en) Approach for allocating resources to an apparatus based on alternative resource requirements
RU2417416C2 (en) Solution deployment in server farm
US20130007506A1 (en) Managing recovery virtual machines in clustered environment
US20110126168A1 (en) Cloud plarform for managing software as a service (saas) resources
CN104679608A (en) Infrastructure visualization platform building method and mirror management structure of infrastructure visualization platform building method
CN104363306A (en) Private cloud management control method for enterprise
WO2003091895A2 (en) System for managing and delivering digital services through computer networks
Hernandez et al. Design and validation of a scheme of infrastructure of servers, under the PPDIOO methodology, in the university Institution-ITSA
Weiden et al. Anycast as a load balancing feature
Scadden et al. Resilient hosting in a continuously available virtualized environment
Chakraborty et al. Application High Availability and Disaster Recovery on Azure
CN107302600A (en) The implementation method and device of a kind of distributed FTP service
Paul et al. Oracle Fusion Middleware Enterprise Deployment Guide for Oracle SOA Suite, 11g Release 1 (11.1. 1) E12036-04
Chakraborty et al. On-Premises to On-Premises Using ASR
Paul et al. Oracle Fusion Middleware Enterprise Deployment Guide for Oracle SOA Suite, 11g Release 1 (11.1. 1) E12036-05
Chakraborty et al. Recovering Microsoft Azure Workloads to Another Azure Region
Paul et al. Oracle Fusion Middleware Enterprise Deployment Guide for Oracle SOA Suite, 11g Release 1 (11.1. 1) E12036-07
CN114666131A (en) Certificate management system, certificate management method and certificate management system construction method
Paul et al. Oracle Fusion Middleware Enterprise Deployment Guide for Oracle WebCenter, 11g Release 1 (11.1. 1) E12037-02
Desmond et al. Oracle Exalogic Elastic Cloud Enterprise Deployment Guide for Oracle Identity Management Release EL X2-2 and EL X3-2 E35832-01
Wessler et al. Architecture and Deployment Topologies

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant